How to create Virtual eXtensible Local Area Network interfaces

Create and configure Virtual eXtensible Local Area Network interfaces.

Operating system version.

$ lsb_release -a

No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 11 (bullseye)
Release:        11
Codename:       bullseye

Kernel version.

$ uname -a

Linux vxlan-1 5.10.0-16-amd64 #1 SMP Debian 5.10.127-1 (2022-06-30) x86_64 GNU/Linux

IP addresses configured on virtual servers used in this example.

vxlan-1:~$ ip --brief address

lo               UNKNOWN        127.0.0.1/8 ::1/128 
ens18            UP             172.16.151.111/21 fe80::c41f:38ff:fe73:c92d/64 

vxlan-2:~$ ip --brief address

lo               UNKNOWN        127.0.0.1/8 ::1/128 
ens18            UP             172.16.151.116/21 fe80::34f4:1eff:fe91:808f/64 

vxlan-3:~$ ip --brief address

lo               UNKNOWN        127.0.0.1/8 ::1/128 
ens18            UP             172.16.151.115/21 fe80::f885:67ff:feaa:8513/64 

VXLAN over multicast

Add a vxlan link named vxlan124 on every server using VXLAN Network Identifier 124, ens18 physical device, 4789 UDP destination port, and 239.0.0.124 multicast IP address to join.

$ sudo ip link add vxlan124 type vxlan id 124 dev ens18 dstport 4789 group 239.0.0.124

Assign IP address for created link.

vxlan-1:~$ sudo ip address add 192.168.124.101/24 dev vxlan124 

vxlan-2:~$ sudo ip address add 192.168.124.102/24 dev vxlan124 

vxlan-3:~$ sudo ip address add 192.168.124.103/24 dev vxlan124 

Inspect device status.

vxlan-1:~$ ip --brief link show dev vxlan124

vxlan124         DOWN           e6:2b:a3:4a:35:dd  

vxlan-2:~$ ip --brief link show dev vxlan124

vxlan124         DOWN           72:ae:11:87:58:ed  

vxlan-3:~$ ip --brief link show dev vxlan124

vxlan124         DOWN           22:15:fe:dc:9b:aa 

Bring interface up on every machine.

$ sudo ip link set vxlan124 up

Send ICMP echo requests to check communication.

vxlan-1:~$ ping -c 1 192.168.124.101

PING 192.168.124.101 (192.168.124.101) 56(84) bytes of data.
64 bytes from 192.168.124.101: icmp_seq=1 ttl=64 time=0.020 ms

--- 192.168.124.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.020/0.020/0.020/0.000 ms

vxlan-1:~$ ping -c 1 192.168.124.102

PING 192.168.124.102 (192.168.124.102) 56(84) bytes of data.
64 bytes from 192.168.124.102: icmp_seq=1 ttl=64 time=0.189 ms

--- 192.168.124.102 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.189/0.189/0.189/0.000 ms

vxlan-1:~$ ping -c 1 192.168.124.103

PING 192.168.124.103 (192.168.124.103) 56(84) bytes of data.
64 bytes from 192.168.124.103: icmp_seq=1 ttl=64 time=0.202 ms

--- 192.168.124.103 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.202/0.202/0.202/0.000 ms

vxlan-2:~$ ping -c 1 192.168.124.101

PING 192.168.124.101 (192.168.124.101) 56(84) bytes of data.
64 bytes from 192.168.124.101: icmp_seq=1 ttl=64 time=0.157 ms

--- 192.168.124.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.157/0.157/0.157/0.000 ms

vxlan-2:~$ ping -c 1 192.168.124.102

PING 192.168.124.102 (192.168.124.102) 56(84) bytes of data.
64 bytes from 192.168.124.102: icmp_seq=1 ttl=64 time=0.015 ms

--- 192.168.124.102 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.015/0.015/0.015/0.000 ms

vxlan-2:~$ ping -c 1 192.168.124.103

PING 192.168.124.103 (192.168.124.103) 56(84) bytes of data.
64 bytes from 192.168.124.103: icmp_seq=1 ttl=64 time=0.240 ms

--- 192.168.124.103 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.240/0.240/0.240/0.000 ms

vxlan-3:~$ ping -c 1 192.168.124.101

PING 192.168.124.101 (192.168.124.101) 56(84) bytes of data.
64 bytes from 192.168.124.101: icmp_seq=1 ttl=64 time=0.125 ms

--- 192.168.124.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.125/0.125/0.125/0.000 ms

vxlan-3:~$ ping -c 1 192.168.124.102

PING 192.168.124.102 (192.168.124.102) 56(84) bytes of data.
64 bytes from 192.168.124.102: icmp_seq=1 ttl=64 time=0.224 ms

--- 192.168.124.102 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.224/0.224/0.224/0.000 ms

vxlan-3:~$ ping -c 1 192.168.124.103

PING 192.168.124.103 (192.168.124.103) 56(84) bytes of data.
64 bytes from 192.168.124.103: icmp_seq=1 ttl=64 time=0.026 ms

--- 192.168.124.103 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.026/0.026/0.026/0.000 ms

List ARP entries.

vxlan-1:~$ ip neigh show dev vxlan124

192.168.124.103 lladdr 22:15:fe:dc:9b:aa STALE
192.168.124.102 lladdr 72:ae:11:87:58:ed STALE

vxlan-2:~$ ip neigh show dev vxlan124

192.168.124.103 lladdr 22:15:fe:dc:9b:aa STALE
192.168.124.101 lladdr e6:2b:a3:4a:35:dd STALE

vxlan-3:~$ ip neigh show dev vxlan124

192.168.124.102 lladdr 72:ae:11:87:58:ed STALE
192.168.124.101 lladdr e6:2b:a3:4a:35:dd STALE

VXLAN over unicast

Add a vxlan link named vxlan21 on every server using VXLAN Network Identifier 21, ens18 physical device, 8472 default UDP destination port.

$ sudo ip link add vxlan21 type vxlan id 21 dev ens18 dstport 0

Assign IP address for created link.

vxlan-1:~$ sudo ip address add 192.168.21.101/24 dev vxlan21

vxlan-2:~$ sudo ip address add 192.168.21.102/24 dev vxlan21

vxlan-3:~$ sudo ip address add 192.168.21.103/24 dev vxlan21

Display link status.

vxlan-1:~$ ip --brief link show dev vxlan21

vxlan21          DOWN           6e:b8:01:78:5e:45  

vxlan-2:~$ ip --brief link show dev vxlan21

vxlan21          DOWN           82:3e:3d:40:a5:a8  

vxlan-3:~$ ip --brief link show dev vxlan21

vxlan21          DOWN           4e:ab:8c:f2:50:fa  

Create Forwarding Database entries on every host.

vxlan-1:~$ sudo bridge fdb append 00:00:00:00:00:00 dev vxlan21 dst 172.16.151.116

vxlan-1:~$ sudo bridge fdb append 00:00:00:00:00:00 dev vxlan21 dst 172.16.151.115

vxlan-2:~$ sudo bridge fdb append 00:00:00:00:00:00 dev vxlan21 dst 172.16.151.111

vxlan-2:~$ sudo bridge fdb append 00:00:00:00:00:00 dev vxlan21 dst 172.16.151.115

vxlan-3:~$ sudo bridge fdb append 00:00:00:00:00:00 dev vxlan21 dst 172.16.151.111

vxlan-3:~$ sudo bridge fdb append 00:00:00:00:00:00 dev vxlan21 dst 172.16.151.116

Inspect Forwarding Database entries on every host.

vxlan-1:~$ sudo bridge fdb show dev vxlan21

00:00:00:00:00:00 dst 172.16.151.116 self permanent
00:00:00:00:00:00 dst 172.16.151.115 self permanent

vxlan-2:~$ sudo bridge fdb show dev vxlan21

00:00:00:00:00:00 dst 172.16.151.111 self permanent
00:00:00:00:00:00 dst 172.16.151.115 self permanent

vxlan-3:~$ sudo bridge fdb show dev vxlan21

00:00:00:00:00:00 dst 172.16.151.111 self permanent
00:00:00:00:00:00 dst 172.16.151.116 self permanent

Bring interface up on every machine.

$ sudo ip link set vxlan21 up

Send ICMP echo requests to check communication.

vxlan-1:~$ ping -c 1 192.168.21.101

PING 192.168.21.101 (192.168.21.101) 56(84) bytes of data.
64 bytes from 192.168.21.101: icmp_seq=1 ttl=64 time=0.014 ms

--- 192.168.21.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.014/0.014/0.014/0.000 ms

vxlan-1:~$ ping -c 1 192.168.21.102

PING 192.168.21.102 (192.168.21.102) 56(84) bytes of data.
64 bytes from 192.168.21.102: icmp_seq=1 ttl=64 time=0.172 ms

--- 192.168.21.102 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.172/0.172/0.172/0.000 ms

vxlan-1:~$ ping -c 1 192.168.21.103

PING 192.168.21.103 (192.168.21.103) 56(84) bytes of data.
64 bytes from 192.168.21.103: icmp_seq=1 ttl=64 time=0.208 ms

--- 192.168.21.103 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.208/0.208/0.208/0.000 ms

vxlan-2:~$ ping -c 1 192.168.21.101

PING 192.168.21.101 (192.168.21.101) 56(84) bytes of data.
64 bytes from 192.168.21.101: icmp_seq=1 ttl=64 time=0.144 ms

--- 192.168.21.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.144/0.144/0.144/0.000 ms

vxlan-2:~$ ping -c 1 192.168.21.102

PING 192.168.21.102 (192.168.21.102) 56(84) bytes of data.
64 bytes from 192.168.21.102: icmp_seq=1 ttl=64 time=0.012 ms

--- 192.168.21.102 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.012/0.012/0.012/0.000 ms

vxlan-2:~$ ping -c 1 192.168.21.103

PING 192.168.21.103 (192.168.21.103) 56(84) bytes of data.
64 bytes from 192.168.21.103: icmp_seq=1 ttl=64 time=0.142 ms

--- 192.168.21.103 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.142/0.142/0.142/0.000 ms

vxlan-3:~$ ping -c 1 192.168.21.101

PING 192.168.21.101 (192.168.21.101) 56(84) bytes of data.
64 bytes from 192.168.21.101: icmp_seq=1 ttl=64 time=0.667 ms

--- 192.168.21.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.667/0.667/0.667/0.000 ms

vxlan-3:~$ ping -c 1 192.168.21.102

PING 192.168.21.102 (192.168.21.102) 56(84) bytes of data.
64 bytes from 192.168.21.102: icmp_seq=1 ttl=64 time=0.101 ms

--- 192.168.21.102 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.101/0.101/0.101/0.000 ms

vxlan-3:~$ ping -c 1 192.168.21.103

PING 192.168.21.103 (192.168.21.103) 56(84) bytes of data.
64 bytes from 192.168.21.103: icmp_seq=1 ttl=64 time=0.020 ms

--- 192.168.21.103 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.020/0.020/0.020/0.000 ms

List ARP entries.

vxlan-1:~$ ip neigh show dev vxlan21

192.168.21.103 lladdr 4e:ab:8c:f2:50:fa STALE
192.168.21.102 lladdr 82:3e:3d:40:a5:a8 STALE

vxlan-2:~$ ip neigh show dev vxlan21

192.168.21.103 lladdr 4e:ab:8c:f2:50:fa STALE
192.168.21.101 lladdr 6e:b8:01:78:5e:45 STALE

vxlan-3:~$ ip neigh show dev vxlan21

192.168.21.102 lladdr 82:3e:3d:40:a5:a8 STALE
192.168.21.101 lladdr 6e:b8:01:78:5e:45 STALE